TW200509633A - Method, program and system for automatically detecting malicious computer network reconnaissance - Google Patents
- Publication number
- TW200509633A
- Authority
- TW
- Taiwan
- Prior art keywords
- computer network
- program
- automatically detecting
- packets
- detecting malicious
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network. The system includes a look-up table that records a state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.
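The state-table idea in the abstract, as an added illustration that is not the patent's own code: each (client, server, server port) entry advances through SYN, SYN/ACK and RST and an Alert is produced when all three have been seen in that order, which is the half-open probe pattern. The packet tuple layout, the numeric state codes and the handling of a client ACK (which marks a completed handshake and suppresses the alert) are assumptions of this example.

```python
# Added example, not the patent's implementation. Tracks the order in which
# SYN, SYN/ACK and RST are observed per connection and alerts on the full
# sequence. Packet tuple format and state codes are assumed for illustration.
SYN, SYN_ACK, RST, ACK = "S", "SA", "R", "A"

# Assumed state codes: 0 nothing seen, 1 SYN seen, 2 SYN then SYN/ACK seen,
# 3 SYN, SYN/ACK and RST seen (alert), -1 handshake completed normally.
def observe(table, src, dst, sport, dport, flags):
    """Update the look-up table for one packet; return an Alert or None."""
    if flags == SYN:
        # Client opens toward a server port; key on (client, server, server port).
        table[(src, dst, dport)] = 1
        return None
    if flags == SYN_ACK:
        key = (dst, src, sport)          # reply flows server -> client
        if table.get(key) == 1:
            table[key] = 2
        return None
    key = (src, dst, dport)
    state = table.get(key, 0)
    if flags == ACK and state == 2:
        table[key] = -1                  # three-way handshake completed
    elif flags == RST and state == 2:
        table[key] = 3                   # all three packets seen in order
        return f"Alert: half-open probe {src} -> {dst}:{dport}"
    return None

def scan_packets(packets):
    """Run the state machine over a packet list and collect the Alerts."""
    table, alerts = {}, []
    for pkt in packets:
        alert = observe(table, *pkt)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample traffic: one legitimate connection, one half-open probe.
SAMPLE = [
    ("10.0.0.5", "10.0.0.9", 40000, 80, SYN),
    ("10.0.0.9", "10.0.0.5", 80, 40000, SYN_ACK),
    ("10.0.0.5", "10.0.0.9", 40000, 80, ACK),     # handshake completes
    ("10.0.0.7", "10.0.0.9", 40001, 22, SYN),
    ("10.0.0.9", "10.0.0.7", 22, 40001, SYN_ACK),
    ("10.0.0.7", "10.0.0.9", 40001, 22, RST),     # torn down: Alert
]

if __name__ == "__main__":
    for line in scan_packets(SAMPLE):
        print(line)
```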
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/629,175 US7356587B2 (en) | 2003-07-29 | 2003-07-29 | Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram |
Publications (1)
Publication Number | Publication Date |
---|---|
TW200509633A true TW200509633A (en) | 2005-03-01 |
Family
ID=34103556
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW093119477A TW200509633A (en) | 2003-07-29 | 2004-06-30 | Method, program and system for automatically detecting malicious computer network reconnaissance |
Country Status (3)
Country | Link |
---|---|
US (2) | US7356587B2 (en) |
TW (1) | TW200509633A (en) |
WO (1) | WO2005015871A1 (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7644436B2 (en) * | 2002-01-24 | 2010-01-05 | Arxceo Corporation | Intelligent firewall |
US7434297B1 (en) * | 2003-11-17 | 2008-10-14 | Symantec Corporation | Tracking computer infections |
US8203941B2 (en) * | 2004-05-28 | 2012-06-19 | Hewlett-Packard Development Company, L.P. | Virus/worm throttle threshold settings |
US7957372B2 (en) * | 2004-07-22 | 2011-06-07 | International Business Machines Corporation | Automatically detecting distributed port scans in computer networks |
TWI364190B (en) * | 2004-07-22 | 2012-05-11 | Ibm | Method, system and program for automatically detecting distributed port scans in computer networks |
US20060059558A1 (en) * | 2004-09-15 | 2006-03-16 | John Selep | Proactive containment of network security attacks |
CN101147376A (en) * | 2005-02-04 | 2008-03-19 | 诺基亚公司 | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US8253619B2 (en) | 2005-02-15 | 2012-08-28 | Techtronic Power Tools Technology Limited | Electromagnetic scanning imager |
US7779465B2 (en) * | 2006-05-26 | 2010-08-17 | Microsoft Corporation | Distributed peer attack alerting |
US20080134300A1 (en) | 2006-07-08 | 2008-06-05 | David Izatt | Method for Improving Security of Computer Networks |
US8248934B2 (en) * | 2009-02-20 | 2012-08-21 | Fluke Corporation | Methods and apparatus for determining and displaying a transaction reset metric |
US8213506B2 (en) * | 2009-09-08 | 2012-07-03 | Skype | Video coding |
GB2476271B (en) * | 2009-12-17 | 2015-09-02 | Skype | Coding data streams |
JP2013523043A (en) | 2010-03-22 | 2013-06-13 | エルアールディシー システムズ、エルエルシー | How to identify and protect the integrity of a source dataset |
US8832830B2 (en) * | 2011-11-28 | 2014-09-09 | International Business Machines Corporation | Securing network communications from blind attacks with checksum comparisons |
US9948661B2 (en) | 2014-10-29 | 2018-04-17 | At&T Intellectual Property I, L.P. | Method and apparatus for detecting port scans in a network |
US10243980B2 (en) | 2016-03-24 | 2019-03-26 | Cisco Technology, Inc. | Edge-based machine learning for encoding legitimate scanning |
TWI606361B (en) * | 2016-08-25 | 2017-11-21 | ming-xian Wang | APP Detection Unknown Pattern Acquisition and Judgment Method |
CN106384047B (en) * | 2016-08-26 | 2019-11-15 | 青岛天龙安全科技有限公司 | APP detects unknown behavior acquisition and judgment method |
CN108076120A (en) * | 2016-11-23 | 2018-05-25 | 王昆 | Telecommunications transmits the device of message file |
CN110022240B (en) * | 2018-01-09 | 2021-03-23 | 香港理工大学深圳研究院 | Network state testing method and device and terminal equipment |
US11502834B2 (en) | 2020-02-26 | 2022-11-15 | International Business Machines Corporation | Refreshing keys in a computing environment that provides secure data transfer |
US11310036B2 (en) | 2020-02-26 | 2022-04-19 | International Business Machines Corporation | Generation of a secure key exchange authentication request in a computing environment |
US11184160B2 (en) | 2020-02-26 | 2021-11-23 | International Business Machines Corporation | Channel key loading in a computing environment |
US11652616B2 (en) | 2020-02-26 | 2023-05-16 | International Business Machines Corporation | Initializing a local key manager for providing secure data transfer in a computing environment |
US11546137B2 (en) | 2020-02-26 | 2023-01-03 | International Business Machines Corporation | Generation of a request to initiate a secure data transfer in a computing environment |
US11405215B2 (en) * | 2020-02-26 | 2022-08-02 | International Business Machines Corporation | Generation of a secure key exchange authentication response in a computing environment |
US11489821B2 (en) | 2020-02-26 | 2022-11-01 | International Business Machines Corporation | Processing a request to initiate a secure data transfer in a computing environment |
Family Cites Families (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS6110348A (en) | 1984-06-25 | 1986-01-17 | Nec Corp | Protocol conversion system |
EP0405042B1 (en) | 1989-06-29 | 1994-09-14 | International Business Machines Corporation | High speed digital packet switching system |
US5841520A (en) | 1995-08-09 | 1998-11-24 | Nikon Corporation | Exposure apparatus and method that use mark patterns to determine image formation characteristics of the apparatus prior to exposure |
US5774660A (en) * | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US5796942A (en) | 1996-11-21 | 1998-08-18 | Computer Associates International, Inc. | Method and apparatus for automated network-wide surveillance and security breach intervention |
JPH10233358A (en) | 1997-02-19 | 1998-09-02 | Nikon Corp | Scanning aligner |
JPH10247618A (en) | 1997-03-04 | 1998-09-14 | Nikon Corp | Scanning type aligner |
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US6088804A (en) | 1998-01-12 | 2000-07-11 | Motorola, Inc. | Adaptive system and method for responding to computer network security attacks |
US6279113B1 (en) * | 1998-03-16 | 2001-08-21 | Internet Tools, Inc. | Dynamic signature inspection-based network intrusion detection |
US6381215B1 (en) | 1998-06-29 | 2002-04-30 | Microsoft Corporation | Method and computer program product for efficiently and reliably sending small data messages from a sending system to a large number of receiving systems |
US6321338B1 (en) | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6487666B1 (en) * | 1999-01-15 | 2002-11-26 | Cisco Technology, Inc. | Intrusion detection signature analysis using regular expressions and logical operators |
US7073198B1 (en) * | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
JP2001274080A (en) | 2000-03-28 | 2001-10-05 | Canon Inc | Scanning projection aligner and positioning method thereof |
TW484282B (en) | 2000-04-10 | 2002-04-21 | D Link Corp | Monitoring management method of network exchange system to the online frame |
TW477140B (en) | 2000-05-30 | 2002-02-21 | Inst Information Industry | Embedded intrusion detection system |
US6826699B1 (en) * | 2000-10-19 | 2004-11-30 | Sony Corporation | Method and apparatus for performing authentication and key exchange protocols with multiple sink devices |
US8218555B2 (en) * | 2001-04-24 | 2012-07-10 | Nvidia Corporation | Gigabit ethernet adapter |
US7191468B2 (en) * | 2001-07-17 | 2007-03-13 | The Boeing Company | System and method for multidimensional data compression |
US20030101353A1 (en) * | 2001-10-31 | 2003-05-29 | Tarquini Richard Paul | Method, computer-readable medium, and node for detecting exploits based on an inbound signature of the exploit and an outbound signature in response thereto |
US7076803B2 (en) * | 2002-01-28 | 2006-07-11 | International Business Machines Corporation | Integrated intrusion detection services |
US7657934B2 (en) * | 2002-01-31 | 2010-02-02 | Riverbed Technology, Inc. | Architecture to thwart denial of service attacks |
US7284272B2 (en) * | 2002-05-31 | 2007-10-16 | Alcatel Canada Inc. | Secret hashing for TCP SYN/FIN correspondence |
US7114182B2 (en) * | 2002-05-31 | 2006-09-26 | Alcatel Canada Inc. | Statistical methods for detecting TCP SYN flood attacks |
US20030236995A1 (en) * | 2002-06-21 | 2003-12-25 | Fretwell Lyman Jefferson | Method and apparatus for facilitating detection of network intrusion |
US7370357B2 (en) * | 2002-11-18 | 2008-05-06 | Research Foundation Of The State University Of New York | Specification-based anomaly detection |
US7957409B2 (en) * | 2003-01-23 | 2011-06-07 | Cisco Technology, Inc. | Methods and devices for transmitting data between storage area networks |
US7681235B2 (en) * | 2003-05-19 | 2010-03-16 | Radware Ltd. | Dynamic network protection |
US7404205B2 (en) * | 2003-06-03 | 2008-07-22 | Hewlett-Packard Development Company, L.P. | System for controlling client-server connection requests |
US20070143846A1 (en) * | 2005-12-21 | 2007-06-21 | Lu Hongqian K | System and method for detecting network-based attacks on electronic devices |
2003
- 2003-07-29 US US10/629,175 patent/US7356587B2/en active Active
2004
- 2004-06-08 WO PCT/EP2004/050968 patent/WO2005015871A1/en active Application Filing
- 2004-06-30 TW TW093119477A patent/TW200509633A/en unknown
2008
- 2008-02-29 US US12/040,065 patent/US7734776B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US20080148406A1 (en) | 2008-06-19 |
US7734776B2 (en) | 2010-06-08 |
US20050027854A1 (en) | 2005-02-03 |
WO2005015871A1 (en) | 2005-02-17 |
US7356587B2 (en) | 2008-04-08 |
Similar Documents
Publication | Title |
---|---|
TW200509633A (en) | Method, program and system for automatically detecting malicious computer network reconnaissance |
CN111147504B (en) | Threat detection method, apparatus, device and storage medium |
US10264007B2 (en) | Malware beaconing detection methods |
US9104872B2 (en) | Memory whitelisting |
US8677493B2 (en) | Dynamic cleaning for malware using cloud technology |
EP3253018A1 (en) | Network intrusion detection based on geographical information |
WO2005124600A3 (en) | Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages |
WO2006019726A3 (en) | System and method for detecting computer virus |
WO2001084270A3 (en) | Method and system for intrusion detection in a computer network |
GB2418279B (en) | Document modification detection and prevention |
MY151479A (en) | Method and apparatus for detecting shellcode insertion |
CN107979581B (en) | Detection method and device for zombie characteristics |
WO2006019701A3 (en) | Inline intrusion detection using a single physical port |
WO2008091785A3 (en) | System and method for determining data entropy to identify malware |
WO2006107560A3 (en) | Methods, systems, and computer program products for establishing trusted access to a communication network |
CN110061998B (en) | Attack defense method and device |
US10681075B2 (en) | Detection of SSL / TLS malware beacons |
CN110008719B (en) | File processing method and device, and file detection method and device |
CN107995179A (en) | A kind of unknown threat cognitive method, device, equipment and system |
CN104125213A (en) | Distributed denial of service DDOS attack resisting method and device for firewall |
JP6421436B2 (en) | Unauthorized communication detection device and program |
TW200744025A (en) | Network communication device security system and method of the same |
KR101308085B1 (en) | Intrusion prevention system using correlation attack pattern and method thereof |
WO2005117370A3 (en) | Using address ranges to detect malicious activity |
CN103096321A (en) | Method for detecting malicious server and device for the same |